from the stay-safe-everyone dept

Late last week, the Tor Project blog posted a somewhat vague warning about the possibility of an upcoming attempt to disable the Tor network by going after and seizing specialized directory authority servers that are the key to making Tor work.

The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities. (Directory authorities help Tor clients learn the list of relays that make up the Tor network.) We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use.

We hope that this attack doesn't occur; Tor is used by many good people. If the network is affected, we will immediately inform users via this blog and our Twitter feed @TorProject, along with more information if we become aware of any related risks to Tor users.

Given that, it seemed especially noteworthy that over the weekend a bunch of Tor exit nodes were apparently quietly seized, according to Thomas White, who ran those servers:

Tonight there has been some unusual activity taking place and I have now lost control of all servers under the ISP and my account has been suspended. Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken.

While he initially suggested that the way it was done made it seem likely that law enforcement was behind it, he later toned down that suggestion, saying he thought it was less likely that law enforcement was involved than he originally believed. Update: And now the servers have been returned and while there's still some confusion, it looks like nothing nefarious happened here.

Tor, itself, isn't compromised -- and pretty much all experts agree that it remains safe -- but it's at least troubling to see that there's at least some possible attempt to compromise parts of the network.